1 // SPDX-License-Identifier: BSD-3-Clause
2 /*
3 * Copyright (c) 2017-2021, STMicroelectronics
4 */
5
6 #include <config.h>
7 #include <drivers/stm32_etzpc.h>
8 #include <drivers/stm32_gpio.h>
9 #include <drivers/stm32mp1_etzpc.h>
10 #include <drivers/stm32mp1_rcc.h>
11 #include <dt-bindings/clock/stm32mp1-clks.h>
12 #include <dt-bindings/reset/stm32mp1-resets.h>
13 #include <initcall.h>
14 #include <io.h>
15 #include <keep.h>
16 #include <kernel/boot.h>
17 #include <kernel/panic.h>
18 #include <kernel/pm.h>
19 #include <kernel/spinlock.h>
20 #include <libfdt.h>
21 #include <mm/core_memprot.h>
22 #include <platform_config.h>
23 #include <stdbool.h>
24 #include <stm32_util.h>
25 #include <string.h>
26
27 /*
28 * Once one starts to get the resource registering state, one cannot register
29 * new resources. This ensures resource state cannot change.
30 */
31 static bool registering_locked;
32
33 /*
34 * Shared register access: upon shared resource lock
35 */
36 static unsigned int shregs_lock = SPINLOCK_UNLOCK;
37
38 /* Shared resource lock: assume not required if MMU is disabled */
lock_stm32shregs(void)39 static uint32_t lock_stm32shregs(void)
40 {
41 return may_spin_lock(&shregs_lock);
42 }
43
unlock_stm32shregs(uint32_t exceptions)44 static void unlock_stm32shregs(uint32_t exceptions)
45 {
46 may_spin_unlock(&shregs_lock, exceptions);
47 }
48
io_mask32_stm32shregs(vaddr_t va,uint32_t value,uint32_t mask)49 void io_mask32_stm32shregs(vaddr_t va, uint32_t value, uint32_t mask)
50 {
51 uint32_t exceptions = lock_stm32shregs();
52
53 io_mask32(va, value, mask);
54
55 unlock_stm32shregs(exceptions);
56 }
57
io_clrsetbits32_stm32shregs(vaddr_t va,uint32_t clr,uint32_t set)58 void io_clrsetbits32_stm32shregs(vaddr_t va, uint32_t clr, uint32_t set)
59 {
60 uint32_t exceptions = lock_stm32shregs();
61
62 io_clrsetbits32(va, clr, set);
63
64 unlock_stm32shregs(exceptions);
65 }
66
67 /*
68 * Shared peripherals and resources registration
69 *
70 * Each resource assignation is stored in a table. The state defaults
71 * to PERIPH_UNREGISTERED if the resource is not explicitly assigned.
72 *
73 * Resource driver that as not embedded (a.k.a their related CFG_xxx build
74 * directive is disabled) are assigned to the non-secure world.
75 *
76 * Each IO of the GPIOZ IO can be secure or non-secure.
77 *
78 * It is the platform responsibility the ensure resource assignation
79 * matches the access permission firewalls configuration.
80 */
81 enum shres_state {
82 SHRES_UNREGISTERED = 0,
83 SHRES_SECURE,
84 SHRES_NON_SECURE,
85 };
86
87 /* Use a byte array to store each resource state */
88 static uint8_t shres_state[STM32MP1_SHRES_COUNT] = {
89 #if !defined(CFG_STM32_IWDG)
90 [STM32MP1_SHRES_IWDG1] = SHRES_NON_SECURE,
91 #endif
92 #if !defined(CFG_STM32_UART)
93 [STM32MP1_SHRES_USART1] = SHRES_NON_SECURE,
94 #endif
95 #if !defined(CFG_STM32_SPI)
96 [STM32MP1_SHRES_SPI6] = SHRES_NON_SECURE,
97 #endif
98 #if !defined(CFG_STM32_I2C)
99 [STM32MP1_SHRES_I2C4] = SHRES_NON_SECURE,
100 [STM32MP1_SHRES_I2C6] = SHRES_NON_SECURE,
101 #endif
102 #if !defined(CFG_STM32_GPIO)
103 [STM32MP1_SHRES_GPIOZ(0)] = SHRES_NON_SECURE,
104 [STM32MP1_SHRES_GPIOZ(1)] = SHRES_NON_SECURE,
105 [STM32MP1_SHRES_GPIOZ(2)] = SHRES_NON_SECURE,
106 [STM32MP1_SHRES_GPIOZ(3)] = SHRES_NON_SECURE,
107 [STM32MP1_SHRES_GPIOZ(4)] = SHRES_NON_SECURE,
108 [STM32MP1_SHRES_GPIOZ(5)] = SHRES_NON_SECURE,
109 [STM32MP1_SHRES_GPIOZ(6)] = SHRES_NON_SECURE,
110 [STM32MP1_SHRES_GPIOZ(7)] = SHRES_NON_SECURE,
111 #endif
112 #if !defined(CFG_STM32_RNG)
113 [STM32MP1_SHRES_RNG1] = SHRES_NON_SECURE,
114 #endif
115 #if !defined(CFG_STM32_HASH)
116 [STM32MP1_SHRES_HASH1] = SHRES_NON_SECURE,
117 #endif
118 #if !defined(CFG_STM32_CRYP)
119 [STM32MP1_SHRES_CRYP1] = SHRES_NON_SECURE,
120 #endif
121 #if !defined(CFG_STM32_RTC)
122 [STM32MP1_SHRES_RTC] = SHRES_NON_SECURE,
123 #endif
124 };
125
126 static const char __maybe_unused *shres2str_id_tbl[STM32MP1_SHRES_COUNT] = {
127 [STM32MP1_SHRES_GPIOZ(0)] = "GPIOZ0",
128 [STM32MP1_SHRES_GPIOZ(1)] = "GPIOZ1",
129 [STM32MP1_SHRES_GPIOZ(2)] = "GPIOZ2",
130 [STM32MP1_SHRES_GPIOZ(3)] = "GPIOZ3",
131 [STM32MP1_SHRES_GPIOZ(4)] = "GPIOZ4",
132 [STM32MP1_SHRES_GPIOZ(5)] = "GPIOZ5",
133 [STM32MP1_SHRES_GPIOZ(6)] = "GPIOZ6",
134 [STM32MP1_SHRES_GPIOZ(7)] = "GPIOZ7",
135 [STM32MP1_SHRES_IWDG1] = "IWDG1",
136 [STM32MP1_SHRES_USART1] = "USART1",
137 [STM32MP1_SHRES_SPI6] = "SPI6",
138 [STM32MP1_SHRES_I2C4] = "I2C4",
139 [STM32MP1_SHRES_RNG1] = "RNG1",
140 [STM32MP1_SHRES_HASH1] = "HASH1",
141 [STM32MP1_SHRES_CRYP1] = "CRYP1",
142 [STM32MP1_SHRES_I2C6] = "I2C6",
143 [STM32MP1_SHRES_RTC] = "RTC",
144 [STM32MP1_SHRES_MCU] = "MCU",
145 [STM32MP1_SHRES_PLL3] = "PLL3",
146 [STM32MP1_SHRES_MDMA] = "MDMA",
147 };
148
shres2str_id(enum stm32mp_shres id)149 static __maybe_unused const char *shres2str_id(enum stm32mp_shres id)
150 {
151 return shres2str_id_tbl[id];
152 }
153
154 static const char *shres2str_state_tbl[4] __maybe_unused = {
155 [SHRES_UNREGISTERED] = "unregistered",
156 [SHRES_NON_SECURE] = "non-secure",
157 [SHRES_SECURE] = "secure",
158 };
159
shres2str_state(enum shres_state id)160 static __maybe_unused const char *shres2str_state(enum shres_state id)
161 {
162 return shres2str_state_tbl[id];
163 }
164
165 /* GPIOZ bank pin count depends on SoC variants */
166 #ifdef CFG_EMBED_DTB
167 /* A light count routine for unpaged context to not depend on DTB support */
168 static int gpioz_nbpin = -1;
169
get_gpioz_nbpin(void)170 static unsigned int get_gpioz_nbpin(void)
171 {
172 if (gpioz_nbpin < 0)
173 panic();
174
175 return gpioz_nbpin;
176 }
177
set_gpioz_nbpin_from_dt(void)178 static TEE_Result set_gpioz_nbpin_from_dt(void)
179 {
180 void *fdt = get_embedded_dt();
181 int node = fdt_path_offset(fdt, "/soc/pin-controller-z");
182 int count = stm32_get_gpio_count(fdt, node, GPIO_BANK_Z);
183
184 if (count < 0 || count > STM32MP1_GPIOZ_PIN_MAX_COUNT)
185 panic();
186
187 gpioz_nbpin = count;
188
189 return TEE_SUCCESS;
190 }
191 /* Get GPIOZ pin count before drivers initialization, hence service_init() */
192 service_init(set_gpioz_nbpin_from_dt);
193 #else
get_gpioz_nbpin(void)194 static unsigned int get_gpioz_nbpin(void)
195 {
196 return STM32MP1_GPIOZ_PIN_MAX_COUNT;
197 }
198 #endif
199
register_periph(enum stm32mp_shres id,enum shres_state state)200 static void register_periph(enum stm32mp_shres id, enum shres_state state)
201 {
202 assert(id < STM32MP1_SHRES_COUNT &&
203 (state == SHRES_SECURE || state == SHRES_NON_SECURE));
204
205 if (registering_locked)
206 panic();
207
208 if (shres_state[id] != SHRES_UNREGISTERED &&
209 shres_state[id] != state) {
210 DMSG("Cannot change %s from %s to %s",
211 shres2str_id(id),
212 shres2str_state(shres_state[id]),
213 shres2str_state(state));
214 panic();
215 }
216
217 if (shres_state[id] == SHRES_UNREGISTERED)
218 DMSG("Register %s as %s",
219 shres2str_id(id), shres2str_state(state));
220
221 switch (id) {
222 case STM32MP1_SHRES_GPIOZ(0):
223 case STM32MP1_SHRES_GPIOZ(1):
224 case STM32MP1_SHRES_GPIOZ(2):
225 case STM32MP1_SHRES_GPIOZ(3):
226 case STM32MP1_SHRES_GPIOZ(4):
227 case STM32MP1_SHRES_GPIOZ(5):
228 case STM32MP1_SHRES_GPIOZ(6):
229 case STM32MP1_SHRES_GPIOZ(7):
230 if ((id - STM32MP1_SHRES_GPIOZ(0)) >= get_gpioz_nbpin()) {
231 EMSG("Invalid GPIO %u >= %u",
232 id - STM32MP1_SHRES_GPIOZ(0), get_gpioz_nbpin());
233 panic();
234 }
235 break;
236 default:
237 break;
238 }
239
240 shres_state[id] = state;
241
242 /* Explore clock tree to lock secure clock dependencies */
243 if (state == SHRES_SECURE) {
244 switch (id) {
245 case STM32MP1_SHRES_GPIOZ(0):
246 case STM32MP1_SHRES_GPIOZ(1):
247 case STM32MP1_SHRES_GPIOZ(2):
248 case STM32MP1_SHRES_GPIOZ(3):
249 case STM32MP1_SHRES_GPIOZ(4):
250 case STM32MP1_SHRES_GPIOZ(5):
251 case STM32MP1_SHRES_GPIOZ(6):
252 case STM32MP1_SHRES_GPIOZ(7):
253 stm32mp_register_clock_parents_secure(GPIOZ);
254 break;
255 case STM32MP1_SHRES_IWDG1:
256 stm32mp_register_clock_parents_secure(IWDG1);
257 break;
258 case STM32MP1_SHRES_USART1:
259 stm32mp_register_clock_parents_secure(USART1_K);
260 break;
261 case STM32MP1_SHRES_SPI6:
262 stm32mp_register_clock_parents_secure(SPI6_K);
263 break;
264 case STM32MP1_SHRES_I2C4:
265 stm32mp_register_clock_parents_secure(I2C4_K);
266 break;
267 case STM32MP1_SHRES_RNG1:
268 stm32mp_register_clock_parents_secure(RNG1_K);
269 break;
270 case STM32MP1_SHRES_HASH1:
271 stm32mp_register_clock_parents_secure(HASH1);
272 break;
273 case STM32MP1_SHRES_CRYP1:
274 stm32mp_register_clock_parents_secure(CRYP1);
275 break;
276 case STM32MP1_SHRES_I2C6:
277 stm32mp_register_clock_parents_secure(I2C6_K);
278 break;
279 case STM32MP1_SHRES_RTC:
280 stm32mp_register_clock_parents_secure(RTC);
281 break;
282 default:
283 /* No expected resource dependency */
284 break;
285 }
286 }
287 }
288
289 /* Register resource by ID */
stm32mp_register_secure_periph(enum stm32mp_shres id)290 void stm32mp_register_secure_periph(enum stm32mp_shres id)
291 {
292 register_periph(id, SHRES_SECURE);
293 }
294
stm32mp_register_non_secure_periph(enum stm32mp_shres id)295 void stm32mp_register_non_secure_periph(enum stm32mp_shres id)
296 {
297 register_periph(id, SHRES_NON_SECURE);
298 }
299
300 /* Register resource by IO memory base address */
register_periph_iomem(vaddr_t base,enum shres_state state)301 static void register_periph_iomem(vaddr_t base, enum shres_state state)
302 {
303 enum stm32mp_shres id = STM32MP1_SHRES_COUNT;
304
305 switch (base) {
306 case IWDG1_BASE:
307 id = STM32MP1_SHRES_IWDG1;
308 break;
309 case USART1_BASE:
310 id = STM32MP1_SHRES_USART1;
311 break;
312 case SPI6_BASE:
313 id = STM32MP1_SHRES_SPI6;
314 break;
315 case I2C4_BASE:
316 id = STM32MP1_SHRES_I2C4;
317 break;
318 case I2C6_BASE:
319 id = STM32MP1_SHRES_I2C6;
320 break;
321 case RTC_BASE:
322 id = STM32MP1_SHRES_RTC;
323 break;
324 case RNG1_BASE:
325 id = STM32MP1_SHRES_RNG1;
326 break;
327 case CRYP1_BASE:
328 id = STM32MP1_SHRES_CRYP1;
329 break;
330 case HASH1_BASE:
331 id = STM32MP1_SHRES_HASH1;
332 break;
333
334 /* Always non-secure resource cases */
335 #ifdef CFG_WITH_NSEC_GPIOS
336 case GPIOA_BASE:
337 case GPIOB_BASE:
338 case GPIOC_BASE:
339 case GPIOD_BASE:
340 case GPIOE_BASE:
341 case GPIOF_BASE:
342 case GPIOG_BASE:
343 case GPIOH_BASE:
344 case GPIOI_BASE:
345 case GPIOJ_BASE:
346 case GPIOK_BASE:
347 /* Fall through */
348 #endif
349 #ifdef CFG_WITH_NSEC_UARTS
350 case USART2_BASE:
351 case USART3_BASE:
352 case UART4_BASE:
353 case UART5_BASE:
354 case USART6_BASE:
355 case UART7_BASE:
356 case UART8_BASE:
357 /* Fall through */
358 #endif
359 case IWDG2_BASE:
360 /* Allow drivers to register some non-secure resources */
361 DMSG("IO for non-secure resource 0x%lx", base);
362 if (state != SHRES_NON_SECURE)
363 panic();
364
365 return;
366
367 default:
368 panic();
369 break;
370 }
371
372 register_periph(id, state);
373 }
374
stm32mp_register_secure_periph_iomem(vaddr_t base)375 void stm32mp_register_secure_periph_iomem(vaddr_t base)
376 {
377 register_periph_iomem(base, SHRES_SECURE);
378 }
379
stm32mp_register_non_secure_periph_iomem(vaddr_t base)380 void stm32mp_register_non_secure_periph_iomem(vaddr_t base)
381 {
382 register_periph_iomem(base, SHRES_NON_SECURE);
383 }
384
385 /* Register GPIO resource */
stm32mp_register_secure_gpio(unsigned int bank,unsigned int pin)386 void stm32mp_register_secure_gpio(unsigned int bank, unsigned int pin)
387 {
388 switch (bank) {
389 case GPIO_BANK_Z:
390 assert(pin < get_gpioz_nbpin());
391 register_periph(STM32MP1_SHRES_GPIOZ(pin), SHRES_SECURE);
392 break;
393 default:
394 EMSG("GPIO bank %u cannot be secured", bank);
395 panic();
396 }
397 }
398
stm32mp_register_non_secure_gpio(unsigned int bank,unsigned int pin)399 void stm32mp_register_non_secure_gpio(unsigned int bank, unsigned int pin)
400 {
401 switch (bank) {
402 case GPIO_BANK_Z:
403 assert(pin < get_gpioz_nbpin());
404 register_periph(STM32MP1_SHRES_GPIOZ(pin), SHRES_NON_SECURE);
405 break;
406 default:
407 break;
408 }
409 }
410
lock_registering(void)411 static void lock_registering(void)
412 {
413 registering_locked = true;
414 }
415
stm32mp_periph_is_secure(enum stm32mp_shres id)416 bool stm32mp_periph_is_secure(enum stm32mp_shres id)
417 {
418 lock_registering();
419
420 return shres_state[id] == SHRES_SECURE;
421 }
422
stm32mp_gpio_bank_is_shared(unsigned int bank)423 bool stm32mp_gpio_bank_is_shared(unsigned int bank)
424 {
425 unsigned int not_secure = 0;
426 unsigned int pin = 0;
427
428 lock_registering();
429
430 if (bank != GPIO_BANK_Z)
431 return false;
432
433 for (pin = 0; pin < get_gpioz_nbpin(); pin++)
434 if (!stm32mp_periph_is_secure(STM32MP1_SHRES_GPIOZ(pin)))
435 not_secure++;
436
437 return not_secure > 0 && not_secure < get_gpioz_nbpin();
438 }
439
stm32mp_gpio_bank_is_non_secure(unsigned int bank)440 bool stm32mp_gpio_bank_is_non_secure(unsigned int bank)
441 {
442 unsigned int not_secure = 0;
443 unsigned int pin = 0;
444
445 lock_registering();
446
447 if (bank != GPIO_BANK_Z)
448 return true;
449
450 for (pin = 0; pin < get_gpioz_nbpin(); pin++)
451 if (!stm32mp_periph_is_secure(STM32MP1_SHRES_GPIOZ(pin)))
452 not_secure++;
453
454 return not_secure > 0 && not_secure == get_gpioz_nbpin();
455 }
456
stm32mp_gpio_bank_is_secure(unsigned int bank)457 bool stm32mp_gpio_bank_is_secure(unsigned int bank)
458 {
459 unsigned int secure = 0;
460 unsigned int pin = 0;
461
462 lock_registering();
463
464 if (bank != GPIO_BANK_Z)
465 return false;
466
467 for (pin = 0; pin < get_gpioz_nbpin(); pin++)
468 if (stm32mp_periph_is_secure(STM32MP1_SHRES_GPIOZ(pin)))
469 secure++;
470
471 return secure > 0 && secure == get_gpioz_nbpin();
472 }
473
stm32mp_nsec_can_access_clock(unsigned long clock_id)474 bool stm32mp_nsec_can_access_clock(unsigned long clock_id)
475 {
476 enum stm32mp_shres shres_id = STM32MP1_SHRES_COUNT;
477
478 /* Oscillators and PLLs are visible from non-secure world */
479 COMPILE_TIME_ASSERT(CK_HSE == 0 &&
480 (CK_HSE + 1) == CK_CSI &&
481 (CK_HSE + 2) == CK_LSI &&
482 (CK_HSE + 3) == CK_LSE &&
483 (CK_HSE + 4) == CK_HSI &&
484 (CK_HSE + 5) == CK_HSE_DIV2 &&
485 (PLL1_P + 1) == PLL1_Q &&
486 (PLL1_P + 2) == PLL1_R &&
487 (PLL1_P + 3) == PLL2_P &&
488 (PLL1_P + 4) == PLL2_Q &&
489 (PLL1_P + 5) == PLL2_R &&
490 (PLL1_P + 6) == PLL3_P &&
491 (PLL1_P + 7) == PLL3_Q &&
492 (PLL1_P + 8) == PLL3_R);
493
494 if (clock_id <= CK_HSE_DIV2 ||
495 (clock_id >= PLL1_P && clock_id <= PLL3_R))
496 return true;
497
498 switch (clock_id) {
499 case RTCAPB:
500 case CK_MPU:
501 case CK_AXI:
502 case BSEC:
503 return true;
504 case GPIOZ:
505 return !stm32mp_gpio_bank_is_secure(GPIO_BANK_Z);
506 case SPI6_K:
507 shres_id = STM32MP1_SHRES_SPI6;
508 break;
509 case I2C4_K:
510 shres_id = STM32MP1_SHRES_I2C4;
511 break;
512 case I2C6_K:
513 shres_id = STM32MP1_SHRES_I2C6;
514 break;
515 case USART1_K:
516 shres_id = STM32MP1_SHRES_USART1;
517 break;
518 case IWDG1:
519 shres_id = STM32MP1_SHRES_IWDG1;
520 break;
521 case CRYP1:
522 shres_id = STM32MP1_SHRES_CRYP1;
523 break;
524 case HASH1:
525 shres_id = STM32MP1_SHRES_HASH1;
526 break;
527 case RNG1_K:
528 shres_id = STM32MP1_SHRES_RNG1;
529 break;
530 case RTC:
531 shres_id = STM32MP1_SHRES_RTC;
532 break;
533 case CK_MCU:
534 shres_id = STM32MP1_SHRES_MCU;
535 break;
536 default:
537 return false;
538 }
539
540 return !stm32mp_periph_is_secure(shres_id);
541 }
542
stm32mp_nsec_can_access_reset(unsigned int reset_id)543 bool stm32mp_nsec_can_access_reset(unsigned int reset_id)
544 {
545 enum stm32mp_shres shres_id = STM32MP1_SHRES_COUNT;
546
547 switch (reset_id) {
548 case GPIOZ_R:
549 return stm32mp_gpio_bank_is_non_secure(GPIO_BANK_Z);
550 case SPI6_R:
551 shres_id = STM32MP1_SHRES_SPI6;
552 break;
553 case I2C4_R:
554 shres_id = STM32MP1_SHRES_I2C4;
555 break;
556 case I2C6_R:
557 shres_id = STM32MP1_SHRES_I2C6;
558 break;
559 case USART1_R:
560 shres_id = STM32MP1_SHRES_USART1;
561 break;
562 case CRYP1_R:
563 shres_id = STM32MP1_SHRES_CRYP1;
564 break;
565 case HASH1_R:
566 shres_id = STM32MP1_SHRES_HASH1;
567 break;
568 case RNG1_R:
569 shres_id = STM32MP1_SHRES_RNG1;
570 break;
571 case MDMA_R:
572 shres_id = STM32MP1_SHRES_MDMA;
573 break;
574 case MCU_R:
575 case MCU_HOLD_BOOT_R:
576 shres_id = STM32MP1_SHRES_MCU;
577 break;
578 default:
579 return false;
580 }
581
582 return !stm32mp_periph_is_secure(shres_id);
583 }
584
mckprot_resource(enum stm32mp_shres id)585 static bool mckprot_resource(enum stm32mp_shres id)
586 {
587 switch (id) {
588 case STM32MP1_SHRES_MCU:
589 case STM32MP1_SHRES_PLL3:
590 return true;
591 default:
592 return false;
593 }
594 }
595
596 #ifdef CFG_STM32_ETZPC
shres2decprot_attr(enum stm32mp_shres id)597 static enum etzpc_decprot_attributes shres2decprot_attr(enum stm32mp_shres id)
598 {
599 if (!stm32mp_periph_is_secure(id))
600 return ETZPC_DECPROT_NS_RW;
601
602 if (mckprot_resource(id))
603 return ETZPC_DECPROT_MCU_ISOLATION;
604
605 return ETZPC_DECPROT_S_RW;
606 }
607
608 /* Configure ETZPC cell and lock it when resource is secure */
config_lock_decprot(uint32_t decprot_id,enum etzpc_decprot_attributes decprot_attr)609 static void config_lock_decprot(uint32_t decprot_id,
610 enum etzpc_decprot_attributes decprot_attr)
611 {
612 etzpc_configure_decprot(decprot_id, decprot_attr);
613
614 if (decprot_attr == ETZPC_DECPROT_S_RW)
615 etzpc_lock_decprot(decprot_id);
616 }
617
set_etzpc_secure_configuration(void)618 static void set_etzpc_secure_configuration(void)
619 {
620 /* Some peripherals shall be secure */
621 config_lock_decprot(STM32MP1_ETZPC_STGENC_ID, ETZPC_DECPROT_S_RW);
622 config_lock_decprot(STM32MP1_ETZPC_BKPSRAM_ID, ETZPC_DECPROT_S_RW);
623 config_lock_decprot(STM32MP1_ETZPC_DDRCTRL_ID, ETZPC_DECPROT_NS_R_S_W);
624 config_lock_decprot(STM32MP1_ETZPC_DDRPHYC_ID, ETZPC_DECPROT_NS_R_S_W);
625
626 /* Configure ETZPC with peripheral registering */
627 config_lock_decprot(STM32MP1_ETZPC_IWDG1_ID,
628 shres2decprot_attr(STM32MP1_SHRES_IWDG1));
629 config_lock_decprot(STM32MP1_ETZPC_USART1_ID,
630 shres2decprot_attr(STM32MP1_SHRES_USART1));
631 config_lock_decprot(STM32MP1_ETZPC_SPI6_ID,
632 shres2decprot_attr(STM32MP1_SHRES_SPI6));
633 config_lock_decprot(STM32MP1_ETZPC_I2C4_ID,
634 shres2decprot_attr(STM32MP1_SHRES_I2C4));
635 config_lock_decprot(STM32MP1_ETZPC_RNG1_ID,
636 shres2decprot_attr(STM32MP1_SHRES_RNG1));
637 config_lock_decprot(STM32MP1_ETZPC_HASH1_ID,
638 shres2decprot_attr(STM32MP1_SHRES_HASH1));
639 config_lock_decprot(STM32MP1_ETZPC_CRYP1_ID,
640 shres2decprot_attr(STM32MP1_SHRES_CRYP1));
641 config_lock_decprot(STM32MP1_ETZPC_I2C6_ID,
642 shres2decprot_attr(STM32MP1_SHRES_I2C6));
643 }
644 #else
set_etzpc_secure_configuration(void)645 static void set_etzpc_secure_configuration(void)
646 {
647 /* Nothing to do */
648 }
649 #endif
650
check_rcc_secure_configuration(void)651 static void check_rcc_secure_configuration(void)
652 {
653 bool secure = stm32_rcc_is_secure();
654 bool mckprot = stm32_rcc_is_mckprot();
655 enum stm32mp_shres id = STM32MP1_SHRES_COUNT;
656 bool have_error = false;
657
658 if (stm32mp_is_closed_device() && !secure)
659 panic();
660
661 for (id = 0; id < STM32MP1_SHRES_COUNT; id++) {
662 if (shres_state[id] != SHRES_SECURE)
663 continue;
664
665 if ((mckprot_resource(id) && !mckprot) || !secure) {
666 EMSG("RCC %s MCKPROT %s and %s (%u) secure",
667 secure ? "secure" : "non-secure",
668 mckprot ? "set" : "not set",
669 shres2str_id(id), id);
670 have_error = true;
671 }
672 }
673
674 if (have_error)
675 panic();
676 }
677
set_gpio_secure_configuration(void)678 static void set_gpio_secure_configuration(void)
679 {
680 unsigned int pin = 0;
681
682 for (pin = 0; pin < get_gpioz_nbpin(); pin++) {
683 enum stm32mp_shres shres = STM32MP1_SHRES_GPIOZ(pin);
684 bool secure = stm32mp_periph_is_secure(shres);
685
686 stm32_gpio_set_secure_cfg(GPIO_BANK_Z, pin, secure);
687 }
688 }
689
gpioz_pm(enum pm_op op,uint32_t pm_hint __unused,const struct pm_callback_handle * hdl __unused)690 static TEE_Result gpioz_pm(enum pm_op op, uint32_t pm_hint __unused,
691 const struct pm_callback_handle *hdl __unused)
692 {
693 if (op == PM_OP_RESUME)
694 set_gpio_secure_configuration();
695
696 return TEE_SUCCESS;
697 }
698 DECLARE_KEEP_PAGER(gpioz_pm);
699
stm32mp1_init_final_shres(void)700 static TEE_Result stm32mp1_init_final_shres(void)
701 {
702 enum stm32mp_shres id = STM32MP1_SHRES_COUNT;
703
704 lock_registering();
705
706 for (id = (enum stm32mp_shres)0; id < STM32MP1_SHRES_COUNT; id++) {
707 uint8_t __maybe_unused *state = &shres_state[id];
708
709 DMSG("stm32mp %-8s (%2u): %-14s",
710 shres2str_id(id), id, shres2str_state(*state));
711 }
712
713 set_etzpc_secure_configuration();
714 if (IS_ENABLED(CFG_STM32_GPIO)) {
715 set_gpio_secure_configuration();
716 register_pm_driver_cb(gpioz_pm, NULL,
717 "stm32mp1-shared-resources");
718 }
719 check_rcc_secure_configuration();
720
721 return TEE_SUCCESS;
722 }
723 /* Finalize shres after drivers initialization, hence driver_init_late() */
724 driver_init_late(stm32mp1_init_final_shres);
725